What are they?
Phishing is a type of attack where social engineering techniques are used to capture sensitive information from a victim via
email. A threat actor using this type of attack seeks to trick
email recipients into providing sensitive information by clicking on malicious attachments and/or URLs, or sharing data on fraudulent pages. To do so, the attacker simulates a credible brand or impersonates someone trustworthy. When this technique is used via SMS it is called
smishing, and by phone (voice) it is called
vishing. This technique can also be used through instant messaging on social networking applications.